* `url-retrieve' for https behind proxy: 400 bad request
@ 2016-11-08 6:18 Andrew Savonichev
2016-11-08 11:58 ` tomas
0 siblings, 1 reply; 6+ messages in thread
From: Andrew Savonichev @ 2016-11-08 6:18 UTC (permalink / raw)
To: help-gnu-emacs
Hi,
I use GNU/Emacs behind the http proxy with no user authorization, and
seems `url-retrieve' does not work correctly with the proxy-server -
error "400 Bad Request" for any https url.
Environment variables (http_proxy and https_proxy) are correctly set
and other tools except the emacs work fine: tried curl and wget.
I've compared url-retrieve and curl requests to the proxy-server
and there is a difference:
curl does CONNECT followed by GET, while url-retrieve use a direct
GET request.
curl (works fine):
CONNECT www.google.com:443 HTTP/1.1
Host: www.google.com:443
User-Agent: curl/7.29.0
Proxy-Connection: Keep-Alive
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: www.google.com
Accept: */*
url-retrieve (error 400):
GET https://www.google.com/ HTTP/1.1
MIME-Version: 1.0
Extension: Security/Digest Security/SSL
Host: www.google.com
Accept-encoding: gzip
Accept: */*
User-Agent: URL/Emacs
I've tried it with the GNU/Emacs 25.1 and 24.3.1 releases (with -Q
command line option).
Is it a bug? Any ideas would be appreciated.
- Andrew
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: `url-retrieve' for https behind proxy: 400 bad request
2016-11-08 6:18 `url-retrieve' for https behind proxy: 400 bad request Andrew Savonichev
@ 2016-11-08 11:58 ` tomas
2016-11-08 12:19 ` Yuri Khan
2016-11-08 16:26 ` David Engster
0 siblings, 2 replies; 6+ messages in thread
From: tomas @ 2016-11-08 11:58 UTC (permalink / raw)
To: help-gnu-emacs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Nov 08, 2016 at 09:18:07AM +0300, Andrew Savonichev wrote:
> Hi,
>
> I use GNU/Emacs behind the http proxy with no user authorization, and
> seems `url-retrieve' does not work correctly with the proxy-server -
> error "400 Bad Request" for any https url.
>
> Environment variables (http_proxy and https_proxy) are correctly set
> and other tools except the emacs work fine: tried curl and wget.
>
> I've compared url-retrieve and curl requests to the proxy-server
> and there is a difference:
> curl does CONNECT followed by GET, while url-retrieve use a direct
> GET request.
>
> curl (works fine):
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.google.com
> Accept: */*
>
> url-retrieve (error 400):
> GET https://www.google.com/ HTTP/1.1
> MIME-Version: 1.0
> Extension: Security/Digest Security/SSL
> Host: www.google.com
> Accept-encoding: gzip
> Accept: */*
> User-Agent: URL/Emacs
Yeah. This is the usual dance for https over proxy (if the proxy allows
it). Basically, CONNECT tells the proxy to just pass the https stream
along, untouched.
> I've tried it with the GNU/Emacs 25.1 and 24.3.1 releases (with -Q
> command line option).
Seems url-retrieve hasn't implemented *that* wart yet. Consider
reporting a bug (Disclaimer: I haven't tested with latest Emacs).
> Is it a bug? Any ideas would be appreciated.
I think so (but see disclaimer above). Or perhaps a missing feature.
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlghvdoACgkQBcgs9XrR2ka+wQCfelLpIhZtizQbUNWo/stlF1ld
Z+oAnivbrKHDq9OLp+H22DhwgqUKyVbv
=kWtF
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: `url-retrieve' for https behind proxy: 400 bad request
2016-11-08 11:58 ` tomas
@ 2016-11-08 12:19 ` Yuri Khan
2016-11-08 16:26 ` David Engster
1 sibling, 0 replies; 6+ messages in thread
From: Yuri Khan @ 2016-11-08 12:19 UTC (permalink / raw)
To: tomas; +Cc: help-gnu-emacs@gnu.org
On Tue, Nov 8, 2016 at 6:58 PM, <tomas@tuxteam.de> wrote:
> Yeah. This is the usual dance for https over proxy (if the proxy allows
> it). Basically, CONNECT tells the proxy to just pass the https stream
> along, untouched.
And it’s the only way to preserve integrity of the connection. With
CONNECT, provided that the origin server presents a valid and matching
certificate and you check it, neither the proxy nor any other
man-in-the-middle between you and the proxy can spoof the origin
server, tamper with requests or responses, or sniff the traffic
between you and the origin. With “GET https://foo/bar”, all of the
above would be possible.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: `url-retrieve' for https behind proxy: 400 bad request
2016-11-08 11:58 ` tomas
2016-11-08 12:19 ` Yuri Khan
@ 2016-11-08 16:26 ` David Engster
2016-11-09 8:51 ` tomas
2016-11-10 18:07 ` Andrew Savonichev
1 sibling, 2 replies; 6+ messages in thread
From: David Engster @ 2016-11-08 16:26 UTC (permalink / raw)
To: help-gnu-emacs
'tomas' writes:
> Yeah. This is the usual dance for https over proxy (if the proxy allows
> it). Basically, CONNECT tells the proxy to just pass the https stream
> along, untouched.
This is implemented in Emacs master (but not available in Emacs 25,
unfortunately):
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=11788
-David
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-11-10 18:07 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-08 6:18 `url-retrieve' for https behind proxy: 400 bad request Andrew Savonichev
2016-11-08 11:58 ` tomas
2016-11-08 12:19 ` Yuri Khan
2016-11-08 16:26 ` David Engster
2016-11-09 8:51 ` tomas
2016-11-10 18:07 ` Andrew Savonichev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).